package com.sihai.ehr.web.interceptor;

import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.opensymphony.xwork2.Action;
import com.sihai.ehr.model.sys.User;
import com.sihai.ehr.web.AuthorityManager;
import org.apache.commons.lang.StringUtils;
import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import com.sihai.core.beans.BeanLocator;
import com.sihai.core.web.struts2.BaseAction;

public class AuthorityInterceptor implements Interceptor {

    /**
     * serialVersionUID
     */
    private static final long serialVersionUID = -100920574295590424L;

    private static Set<String> public_action = new HashSet<String>();
    private AuthorityManager authorityManager;

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletResponse response = ServletActionContext.getResponse();
        HttpServletRequest request = ServletActionContext.getRequest();
        //response.addHeader("Cache-Control", "Public");
        response.addHeader("Cache-Control", "no-cache");
        response.addHeader("Expires", "0");

        String action_name = invocation.getInvocationContext().getName();
        System.out.println("wxn------action_name="+action_name);
        if (public_action.contains(action_name)) {
            return invocation.invoke();
        }

        User user = authorityManager.retrieveUser(ServletActionContext.getRequest());
        if (user == null) {
            if (StringUtils.isNotBlank(request.getParameter("loginName"))) {
                BaseAction action = (BaseAction) invocation.getAction();
                action.addActionError("登录用户不存在");
            }
            System.out.println("wxn------not login");
            return "loginForm";
        }

        if (!authorityManager.canAccess(user.getId(), ServletActionContext.getRequest())) {
            BaseAction action = (BaseAction) invocation.getAction();
            action.addActionError("没有该资源的访问权限");
            System.out.println("wxn------can not access");
            return "indexForm";
        }

        return invocation.invoke();
    }

    @Override
    public void init() {
        public_action.add("login");
        public_action.add("logout");
        public_action.add("index");
        public_action.add("verifycode");
        public_action.add("qual_score_browse_item_detail"); //员工查看自己考核记录
        public_action.add("qualscore_list"); //员工查看自己考核记录
        public_action.add("quan_histroy_details"); //员工查看自己考核记录
        authorityManager = BeanLocator.getBean(AuthorityManager.class);
        authorityManager.addSharedResource("/ajax/**");
        authorityManager.addSharedResource("/managehome*");
        authorityManager.addSharedResource("/file/**");
        authorityManager.addSharedResource("/public/**");
    }

    @Override
    public void destroy() {
        this.authorityManager = null;
    }

}
